Internal names and mechanism names

Name forms

There are two forms of name in GSS-API, Internal form and Contiguous string ("flat") form. gss_export_name() and gss_import_name() can be used to convert between the two forms.

The contiguous string form is described by an oid specificing the type and an octet string. A special form of the contiguous string form is the exported name object. The exported name defined for each mechanism, is something that can be stored and complared later. The exported name is what should be used for ACLs comparisons.

The Internal form

There is also special form of the Internal Name (IN), and that is the Mechanism Name (MN). In the mechanism name all the generic information is stripped of and only contain the information for one mechanism. In GSS-API some function return MN and some require MN as input. Each of these function is marked up as such.